I am considering the pro's and con's of allowing an application client to access either the web or the
ejb container as both are possible under the J2EE spec.
The benefits of connecting to the web tier is that only the web tier needs to be exposed to the outside world in the DMZ while the application tier can remain buried within the organisations security infra-structure behind inner firewalls. Of course this is a benefit only if the application client connects accross the internet - if it connects across a secure intranet I don't think it is a benefit as there is no exposure to the outside world.
The advantage of connectivity directly to the ejb container is that of greater performance (as the overhead of the web container is gone) and greater availability. If the web servers crash application clients can still access the system.
Does anyone have any thoughts on this (ie as to whether my reasoning are correct or not) and/or can throw any other light on this dilemma?
Thanks
Peter